{"vulnerability": "CVE-2023-27586", "sightings": [{"uuid": "c90d9aff-c70b-456d-981d-78d2794d6079", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27586", "type": "seen", "source": "https://t.me/cibsecurity/60328", "content": "\u203c CVE-2023-27586 \u203c\n\nCairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-20T21:04:15.000000Z"}]}